Open issues/risks

`

Stage 1: Definition

1. Feature overview

This feature performs domain validation in TLS sessions by using DNSSEC chains.

2. Users & use cases

Server administrators can put key/certificate information in DNS records they control (e.g. TLSA records). This information is verifiable through DNSSEC. The browser can then use this in place of or alongside certificate chain validation.